DEV Community

dom

Tailscale OpenWRT Subnet/Site to site config

ref: https://tailscale.com/kb/1019/subnets#connect-to-tailscale-as-a-subnet-router and https://tailscale.com/kb/1214/site-to-site

If your Linux system has a /etc/sysctl.d directory (check with ls /etc/sysctl.d/), use:

echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf
echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf
sudo sysctl -p /etc/sysctl.d/99-tailscale.conf

Otherwise:

echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.conf
echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.conf
sudo sysctl -p /etc/sysctl.conf
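
The commands above append with tee -a, so running them a second time duplicates the lines. As an added example (not code from the original post), the functions below pick the same file, write each setting exactly once, and check the live values; the function names and the ROOT argument are assumptions made for illustration.

```shell
# Added example, not from the original post. ROOT is a hypothetical prefix for
# trying this against a scratch directory; leave it empty on a real router
# (writing under /etc needs root, as with sudo tee above).

# Print the file the steps above would select.
pick_sysctl_file() {
    root="${1:-}"
    if [ -d "$root/etc/sysctl.d" ]; then
        echo "$root/etc/sysctl.d/99-tailscale.conf"
    else
        echo "$root/etc/sysctl.conf"
    fi
}

# Drop any existing line for KEY, then write "KEY = VAL" exactly once.
set_sysctl_line() {
    file="$1"; key="$2"; val="$3"
    touch "$file"
    pat=$(printf '%s' "$key" | sed 's/\./\\./g')   # match dots literally
    tmp="$file.tmp.$$"
    grep -Ev "^[[:space:]]*${pat}[[:space:]]*=" "$file" > "$tmp" || true
    printf '%s = %s\n' "$key" "$val" >> "$tmp"
    cat "$tmp" > "$file" && rm -f "$tmp"             # keep owner and mode
}

# Apply both forwarding settings and print the file that was written.
enable_forwarding() {
    file=$(pick_sysctl_file "${1:-}")
    set_sysctl_line "$file" net.ipv4.ip_forward 1
    set_sysctl_line "$file" net.ipv6.conf.all.forwarding 1
    echo "$file"
}

# Succeed only if both switches read 1 in a /proc/sys-style tree.
forwarding_enabled() {
    proc="${1:-/proc/sys}"
    [ "$(cat "$proc/net/ipv4/ip_forward" 2>/dev/null)" = "1" ] &&
        [ "$(cat "$proc/net/ipv6/conf/all/forwarding" 2>/dev/null)" = "1" ]
}

# On the router: f=$(enable_forwarding) && sysctl -p "$f" && forwarding_enabled
```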

Home network: 192.168.8.0, router IP 192.168.8.1

tailscale up --advertise-routes=192.168.8.0/24 --accept-dns=false --accept-routes

To show the originating device's IP instead of the subnet router host, add --snat-subnet-routes=false:
tailscale up --advertise-routes=192.168.8.0/24 --accept-dns=false --accept-routes --snat-subnet-routes=false

Approve on https://login.tailscale.com/admin/machines

IMPORTANT NOTES:
GL.iNet tends to reset Tailscale (imo the LAN/WAN toggles are decorative), which breaks the subnet/S2S routing feature.
A router reboot is needed to make it work, and for other routers to acknowledge the new IP route.
(E.g. the home router broke the subnet after an internet loss, or while using a wifi repeater the Tailscale subnet stopped working; a travel router was used to connect using ts.net to then fix subnet routing, and after the fix the travel router still had to be rebooted for the changes to get noticed.)
OpenWRT: make sure to allow access to web/SSH from other networks: https://forum.openwrt.org/t/allow-ssh-on-wan/74995/2

Good to know:
Tailscale ports:
To make direct connections, allow UDP port 41641 to ingress through the firewall.
For direct connections between VMs, also add an outbound firewall rule allowing UDP port 3478.
